public PgpOnePassSignatureList(PgpOnePassSignature sig) { sigs = new PgpOnePassSignature[1] { sig }; }
private static void VerifySignature(PgpOnePassSignatureList onePassSigList, PgpSignatureList signatureList, PgpPublicKey pubKey, byte[] original) { PgpOnePassSignature ops = onePassSigList[0]; ops.InitVerify(pubKey); ops.Update(original); PgpSignatureList p3 = signatureList; PgpSignature sig = p3[0]; if (sig.KeyId != pubKey.KeyId) { throw new PgpException("key id mismatch in signature."); } if (!ops.Verify(sig)) { throw new PgpException("Failed generated signature check."); } sig.InitVerify(pubKey); for (int i = 0; i < original.Length; i++) { sig.Update(original[i]); } //sig.Update(original); if (!sig.Verify()) { throw new PgpException("Failed generated signature check against original data."); } }
private void doSigVerifyTest( string publicKeyFile, string sigFile) { PgpPublicKeyRing publicKey = loadPublicKey(publicKeyFile); PgpObjectFactory pgpFact = loadSig(sigFile); PgpCompressedData c1 = (PgpCompressedData)pgpFact.NextPgpObject(); pgpFact = new PgpObjectFactory(c1.GetDataStream()); PgpOnePassSignatureList p1 = (PgpOnePassSignatureList)pgpFact.NextPgpObject(); PgpOnePassSignature ops = p1[0]; PgpLiteralData p2 = (PgpLiteralData)pgpFact.NextPgpObject(); Stream dIn = p2.GetInputStream(); ops.InitVerify(publicKey.GetPublicKey()); int ch; while ((ch = dIn.ReadByte()) >= 0) { ops.Update((byte)ch); } PgpSignatureList p3 = (PgpSignatureList)pgpFact.NextPgpObject(); Assert.IsTrue(ops.Verify(p3[0])); }
/// <summary> /// Verify single signature against one pass signature. /// </summary> /// <param name="onePassSignature"> /// The one pass signature. /// </param> /// <param name="publicKey"> /// The public key for validating the signature. /// </param> /// <param name="signature"> /// Signature to verify. /// </param> /// <returns> /// The <see cref="bool"/> value indicating whether the signature was valid. /// </returns> private static bool VerifySingleSignatueAgainstOnePass( PgpOnePassSignature onePassSignature, PgpPublicKey publicKey, PgpSignature signature) { bool valid; if (onePassSignature.Verify(signature)) { var userIds = publicKey.GetUserIds(); foreach (var userId in userIds) { Console.WriteLine($"Signed by {userId}"); } Console.WriteLine("Signature verified"); valid = true; } else { valid = false; } return(valid); }
private void VerifyMessageSignature(PgpOnePassSignature onePassSignature, PgpSignature sig) { if (!onePassSignature.Verify(sig)) { throw new PgpException("The signature of the file couldn't be verified."); } }
/// <summary> /// Verifies the specified signature using the specified public key. /// </summary> /// <param name="input">The signature to verify.</param> /// <param name="publicKey">The public key with which to decode the signature.</param> /// <returns>A byte array containing the message contained within the signature.</returns> /// <exception cref="PgpDataValidationException"> /// Thrown when the specified signature is invalid, or if an exception is encountered while validating. /// </exception> public static byte[] Verify(string input, string publicKey) { // create input streams from Stream inputStream = new MemoryStream(Encoding.UTF8.GetBytes(input ?? string.Empty)); Stream publicKeyStream = new MemoryStream(Encoding.UTF8.GetBytes(publicKey ?? string.Empty)); // enclose all operations in a try/catch. if we encounter any exceptions verification fails. try { // lines taken pretty much verbatim from the bouncycastle example. not sure what it all does. inputStream = PgpUtilities.GetDecoderStream(inputStream); PgpObjectFactory pgpFact = new PgpObjectFactory(inputStream); PgpCompressedData c1 = (PgpCompressedData)pgpFact.NextPgpObject(); pgpFact = new PgpObjectFactory(c1.GetDataStream()); PgpOnePassSignatureList p1 = (PgpOnePassSignatureList)pgpFact.NextPgpObject(); PgpOnePassSignature ops = p1[0]; PgpLiteralData p2 = (PgpLiteralData)pgpFact.NextPgpObject(); Stream dIn = p2.GetInputStream(); PgpPublicKeyRingBundle pgpRing = new PgpPublicKeyRingBundle(PgpUtilities.GetDecoderStream(publicKeyStream)); PgpPublicKey key = pgpRing.GetPublicKey(ops.KeyId); // set up a memorystream to contain the message contained within the signature MemoryStream memoryStream = new MemoryStream(); ops.InitVerify(key); int ch; while ((ch = dIn.ReadByte()) >= 0) { ops.Update((byte)ch); memoryStream.WriteByte((byte)ch); } // save the contents of the memorystream to a byte array byte[] retVal = memoryStream.ToArray(); memoryStream.Close(); PgpSignatureList p3 = (PgpSignatureList)pgpFact.NextPgpObject(); PgpSignature firstSig = p3[0]; // verify. if (ops.Verify(firstSig)) { return(retVal); } else { throw new PgpDataValidationException(); } } catch (Exception) { throw new PgpDataValidationException(); } }
/// <summary> /// Verifies a PGP signature. See documentation at https://github.com/CommunityHiQ/Frends.Community.PgpVerifySignature Returns: Object {string FilePath, Boolean Verified} /// </summary> public static Result PGPVerifySignFile(Input input) { try { Stream inputStream = PgpUtilities.GetDecoderStream(File.OpenRead(input.InputFile)); PgpObjectFactory pgpFact = new PgpObjectFactory(inputStream); PgpOnePassSignatureList p1 = (PgpOnePassSignatureList)pgpFact.NextPgpObject(); PgpOnePassSignature ops = p1[0]; PgpLiteralData p2 = (PgpLiteralData)pgpFact.NextPgpObject(); Stream dIn = p2.GetInputStream(); PgpPublicKeyRingBundle pgpRing = new PgpPublicKeyRingBundle(PgpUtilities.GetDecoderStream(File.OpenRead(input.PublicKeyFile))); PgpPublicKey key = pgpRing.GetPublicKey(ops.KeyId); string fosPath; if (String.IsNullOrWhiteSpace(input.OutputFolder)) { fosPath = Path.Combine(Path.GetDirectoryName(input.InputFile), p2.FileName); } else { fosPath = Path.Combine(input.OutputFolder, p2.FileName); } Stream fos = File.Create(fosPath); ops.InitVerify(key); int ch; while ((ch = dIn.ReadByte()) >= 0) { ops.Update((byte)ch); fos.WriteByte((byte)ch); } fos.Close(); PgpSignatureList p3 = (PgpSignatureList)pgpFact.NextPgpObject(); PgpSignature firstSig = p3[0]; bool verified = ops.Verify(firstSig); Result ret = new Result { FilePath = fosPath, Verified = verified }; return(ret); } catch (Exception e) { Result ret = new Result { FilePath = input.OutputFolder, Verified = false }; return(ret); } }
private void verifySignature( byte[] encodedSig, HashAlgorithmTag hashAlgorithm, PgpPublicKey pubKey, byte[] original) { PgpObjectFactory pgpFact = new PgpObjectFactory(encodedSig); PgpOnePassSignatureList p1 = (PgpOnePassSignatureList)pgpFact.NextPgpObject(); PgpOnePassSignature ops = p1[0]; PgpLiteralData p2 = (PgpLiteralData)pgpFact.NextPgpObject(); Stream dIn = p2.GetInputStream(); ops.InitVerify(pubKey); int ch; while ((ch = dIn.ReadByte()) >= 0) { ops.Update((byte)ch); } PgpSignatureList p3 = (PgpSignatureList)pgpFact.NextPgpObject(); PgpSignature sig = p3[0]; DateTime creationTime = sig.CreationTime; // Check creationTime is recent if (creationTime.CompareTo(DateTime.UtcNow) > 0 || creationTime.CompareTo(DateTime.UtcNow.AddMinutes(-10)) < 0) { Fail("bad creation time in signature: " + creationTime); } if (sig.KeyId != pubKey.KeyId) { Fail("key id mismatch in signature"); } if (!ops.Verify(sig)) { Fail("Failed generated signature check - " + hashAlgorithm); } sig.InitVerify(pubKey); for (int i = 0; i != original.Length; i++) { sig.Update(original[i]); } sig.Update(original); if (!sig.Verify()) { Fail("Failed generated signature check against original data"); } }
public static bool Verify(string hash, string signature, string publicKey) { try { var signatureStream = new MemoryStream(Encoding.ASCII.GetBytes(signature)); var decoderStream = PgpUtilities.GetDecoderStream(signatureStream); PgpObjectFactory pgpObjectFactory = new PgpObjectFactory(decoderStream); PgpOnePassSignatureList signatureList = (PgpOnePassSignatureList)pgpObjectFactory.NextPgpObject(); PgpOnePassSignature onePassSignature = signatureList[0]; PgpLiteralData literalData = (PgpLiteralData)pgpObjectFactory.NextPgpObject(); Stream literalStream = literalData.GetInputStream(); Stream keyFile = new MemoryStream(Encoding.ASCII.GetBytes(publicKey)); PgpPublicKeyRingBundle pgpRing = new PgpPublicKeyRingBundle(PgpUtilities.GetDecoderStream(keyFile)); PgpPublicKey key = pgpRing.GetPublicKey(onePassSignature.KeyId); Stream outStream = new MemoryStream(); onePassSignature.InitVerify(key); int ch; while ((ch = literalStream.ReadByte()) >= 0) { onePassSignature.Update((byte)ch); outStream.WriteByte((byte)ch); } var hashStream = new MemoryStream(Encoding.ASCII.GetBytes(hash)); outStream.Seek(0, SeekOrigin.Begin); if (hashStream.Length != outStream.Length) { return(false); } int left, right; while ((left = hashStream.ReadByte()) >= 0 && (right = outStream.ReadByte()) >= 0) { if (left != right) { return(false); } } outStream.Dispose(); PgpSignatureList signatureList2 = (PgpSignatureList)pgpObjectFactory.NextPgpObject(); PgpSignature firstSig = signatureList2[0]; if (onePassSignature.Verify(firstSig)) { return(true); } else { return(false); } } catch { return(false); } }
private SignatureStatus VerifyFileSignature(Stream literalDataStream, PgpOnePassSignatureList pgpOnePassSignatureList, PgpSignatureList pgpSignatureList) { try { const int BUFFER_SIZE = 1 << 16; // should always be power of 2 SignatureStatus signatureStatus = SignatureStatus.Invalid; var signatureKeys = GetAllSignatureKeys(); if (pgpOnePassSignatureList == null) { return(SignatureStatus.NoSignature); } for (int i = 0; i < pgpOnePassSignatureList.Count; i++) { if (literalDataStream.CanSeek) { literalDataStream.Seek(0, SeekOrigin.Begin); } PgpOnePassSignature pgpOnePassSignature = pgpOnePassSignatureList[i]; Stream dIn = literalDataStream; var keyIn = FindSignatureKey(signatureKeys, pgpOnePassSignature.KeyId); if (keyIn == null) { continue; } pgpOnePassSignature.InitVerify(keyIn); byte[] buf = new byte[BUFFER_SIZE]; int len; while ((len = dIn.Read(buf, 0, buf.Length)) > 0) { pgpOnePassSignature.Update(buf, 0, len); } PgpSignature pgpSignature = pgpSignatureList[i]; if (pgpOnePassSignature.Verify(pgpSignature)) { signatureStatus = SignatureStatus.Valid; break; } } return(signatureStatus); } catch { return(SignatureStatus.Error); } }
private void DoTestSignedEncMessage() { PgpObjectFactory pgpFact = new PgpObjectFactory(signedEncMessage); PgpEncryptedDataList encList = (PgpEncryptedDataList)pgpFact.NextPgpObject(); PgpPublicKeyEncryptedData encP = (PgpPublicKeyEncryptedData)encList[0]; PgpPublicKeyRing publicKeyRing = new PgpPublicKeyRing(testPubKey); PgpPublicKey publicKey = publicKeyRing.GetPublicKey(encP.KeyId); PgpSecretKey secretKey = PgpSecretKey.ParseSecretKeyFromSExpr(new MemoryStream(sExprKeySub, false), "test".ToCharArray(), publicKey); Stream clear = encP.GetDataStream(secretKey.ExtractPrivateKey(null)); PgpObjectFactory plainFact = new PgpObjectFactory(clear); PgpCompressedData cData = (PgpCompressedData)plainFact.NextPgpObject(); PgpObjectFactory compFact = new PgpObjectFactory(cData.GetDataStream()); PgpOnePassSignatureList sList = (PgpOnePassSignatureList)compFact.NextPgpObject(); PgpOnePassSignature ops = sList[0]; PgpLiteralData lData = (PgpLiteralData)compFact.NextPgpObject(); if (!"test.txt".Equals(lData.FileName)) { Fail("wrong file name detected"); } Stream dIn = lData.GetInputStream(); ops.InitVerify(publicKeyRing.GetPublicKey(ops.KeyId)); int ch; while ((ch = dIn.ReadByte()) >= 0) { ops.Update((byte)ch); } PgpSignatureList p3 = (PgpSignatureList)compFact.NextPgpObject(); if (!ops.Verify(p3[0])) { Fail("Failed signature check"); } }
/// <summary> /// Process each message block type depending on the type. /// </summary> /// <param name="encryptedData"> /// Encrypted data packets. /// </param> /// <param name="outputStream"> /// Stream to write output. /// </param> /// <param name="publicKeyStream"> /// Public key stream for validating signature. /// </param> /// <param name="privateKey"> /// Private key for decrypting data. /// </param> /// <returns> /// Return true if the data is valid; false otherwise. /// </returns> private static bool ProcessDecryptionMessageBlocks( PgpPublicKeyEncryptedData encryptedData, Stream outputStream, Stream publicKeyStream, PgpPrivateKey privateKey) { var valid = true; PgpOnePassSignatureList onePassSignatureList = null; PgpOnePassSignature onePassSignature = null; PgpPublicKey publicKey = null; var clear = encryptedData.GetDataStream(privateKey); var plainFact = new PgpObjectFactory(clear); var message = plainFact.NextPgpObject(); while (message != null) { Console.WriteLine(message.ToString()); if (message is PgpCompressedData) { var compressedData = (PgpCompressedData)message; plainFact = new PgpObjectFactory(compressedData.GetDataStream()); } else if (message is PgpLiteralData) { onePassSignature = InitOnePassSignatureFromLiteral( publicKeyStream, onePassSignatureList, ref publicKey); ProcessDecryptionStreams(outputStream, message, onePassSignature); } else if (message is PgpOnePassSignatureList) { onePassSignatureList = (PgpOnePassSignatureList)message; } else if (message is PgpSignatureList) { valid = VerifyOnePassSignature(message, onePassSignature, publicKey, valid); } else { throw new PgpException("message unknown message type."); } message = plainFact.NextPgpObject(); } return(valid); }
/// <summary> /// Processes the decryption streams block by block updating the one-pass /// signature in the same process. /// </summary> /// <param name="outputStream"> /// Stream to write the output. /// </param> /// <param name="message"> /// Message block containing the input stream. /// </param> /// <param name="onePassSignature"> /// One-pass signature. /// </param> private static void ProcessDecryptionStreams( Stream outputStream, PgpObject message, PgpOnePassSignature onePassSignature) { int read; byte[] buffer = new byte[PgpCommon.BufferSize]; var @in = ((PgpLiteralData)message).GetInputStream(); while ((read = @in.Read(buffer, 0, buffer.Length)) > 0) { outputStream.Write(buffer, 0, read); onePassSignature.Update(buffer, 0, read); } }
/*.......................................................................檔案數認證開始*/ /*首先傳送端將訊息經過雜湊演算法計算後得到一個雜湊值,再利用它的私有鑰匙向雜湊值加密成為一個數位簽章(DS),接著,再將數位簽章附加在訊息後面一併傳送出去; * 接收端收到訊息之後,以同樣的雜湊演算計算出雜湊值(H’),並利用傳送端的公開鑰匙將 DS 解密,得到另一端的雜湊值(H)。 * 接著,比較兩個雜湊值,如果相同的話,則可以確定該訊息的『完整性』(雜湊值相同),此外也可以確定其『不可否認性』(私有鑰匙與公開鑰匙配對)。*/ /* * 簽章後的hash值 -> 公鑰(對方)解密 -> hash值 * 解密後的文章 -> hash -> 解密後文章的hash值 */ private static void VerifyFile( Stream inputStream, //預計數位認證原始檔案的資料流 Stream keyIn, //簽名方(對方)公鑰的資料流 string outputFileName //預計匯出(數位認證後檔案)的完整路徑 ) { inputStream = PgpUtilities.GetDecoderStream(inputStream); //串流陣列化 byte Array PgpObjectFactory pgpFact = new PgpObjectFactory(inputStream); PgpCompressedData c1 = (PgpCompressedData)pgpFact.NextPgpObject(); pgpFact = new PgpObjectFactory(c1.GetDataStream()); //解壓縮 PgpOnePassSignatureList p1 = (PgpOnePassSignatureList)pgpFact.NextPgpObject(); PgpOnePassSignature ops = p1[0]; PgpLiteralData p2 = (PgpLiteralData)pgpFact.NextPgpObject(); Stream dIn = p2.GetInputStream(); PgpPublicKeyRingBundle pgpRing = new PgpPublicKeyRingBundle(PgpUtilities.GetDecoderStream(keyIn)); PgpPublicKey key = pgpRing.GetPublicKey(ops.KeyId); //取出公鑰 Stream fileOutput = File.Create(outputFileName); //預計匯出檔案建立 ops.InitVerify(key); //驗證公鑰是否符合 int ch; while ((ch = dIn.ReadByte()) >= 0) { ops.Update((byte)ch); //進行解密 fileOutput.WriteByte((byte)ch); //寫入預計匯出檔案 } fileOutput.Close(); fileOutput.Dispose(); PgpSignatureList p3 = (PgpSignatureList)pgpFact.NextPgpObject(); PgpSignature firstSig = p3[0]; if (ops.Verify(firstSig)) //Hash值比較 { Console.Out.WriteLine("signature verified."); } else { Console.Out.WriteLine("signature verification failed."); } }
/** * verify the passed in file as being correctly signed. */ private static void VerifyFile( Stream inputStream, Stream keyIn) { inputStream = PgpUtilities.GetDecoderStream(inputStream); PgpObjectFactory pgpFact = new PgpObjectFactory(inputStream); PgpCompressedData c1 = (PgpCompressedData)pgpFact.NextPgpObject(); pgpFact = new PgpObjectFactory(c1.GetDataStream()); PgpOnePassSignatureList p1 = (PgpOnePassSignatureList)pgpFact.NextPgpObject(); PgpOnePassSignature ops = p1[0]; PgpLiteralData p2 = (PgpLiteralData)pgpFact.NextPgpObject(); Stream dIn = p2.GetInputStream(); PgpPublicKeyRingBundle pgpRing = new PgpPublicKeyRingBundle(PgpUtilities.GetDecoderStream(keyIn)); IPgpPublicKey key = pgpRing.GetPublicKey(ops.KeyId); Stream fos = File.Create(p2.FileName); ops.InitVerify(key); int ch; while ((ch = dIn.ReadByte()) >= 0) { ops.Update((byte)ch); fos.WriteByte((byte)ch); } fos.Close(); PgpSignatureList p3 = (PgpSignatureList)pgpFact.NextPgpObject(); PgpSignature firstSig = p3[0]; if (ops.Verify(firstSig)) { Console.Out.WriteLine("signature verified."); } else { Console.Out.WriteLine("signature verification failed."); } }
/// <summary> /// Verify one pass signature against signed packet. /// </summary> /// <param name="message"> /// The message containing the signature list. /// </param> /// <param name="onePassSignature"> /// The one pass signature. /// </param> /// <param name="publicKey"> /// The public key for validating the signature. /// </param> /// <param name="valid"> /// Whether the status was previously valid. /// </param> /// <returns> /// The <see cref="bool"/> value indicating whether the signature was valid. If /// the state was previously false, false will still be returned regardless. /// </returns> /// <exception cref="PgpException"> /// Thrown if it was not possible to verify the one pass signature. /// </exception> private static bool VerifyOnePassSignature( PgpObject message, PgpOnePassSignature onePassSignature, PgpPublicKey publicKey, bool valid) { var signatureList = (PgpSignatureList)message; if (onePassSignature == null) { throw new PgpException("One pass signatures not found."); } for (var signatureIndex = 0; signatureIndex < signatureList.Count; signatureIndex++) { valid = valid && VerifySingleSignatueAgainstOnePass(onePassSignature, publicKey, signatureList[signatureIndex]); } return(valid); }
public String DecryptAndVerifySignature(byte[] encryptData, Stream decryptData) { try { var bais = PgpUtilities.GetDecoderStream(new MemoryStream(encryptData)); PgpObjectFactory objectFactory = new PgpObjectFactory(bais); var firstObject = objectFactory.NextPgpObject(); PgpEncryptedDataList dataList = (PgpEncryptedDataList)(firstObject is PgpEncryptedDataList ? firstObject : objectFactory.NextPgpObject()); PgpPrivateKey privateKey = null; PgpPublicKeyEncryptedData encryptedData = null; var list = dataList.GetEncryptedDataObjects(); foreach (var obj in list) { if (privateKey != null) { break; } encryptedData = (PgpPublicKeyEncryptedData)obj; privateKey = FindSecretKey(encryptedData.KeyId); } if (privateKey == null || encryptedData == null) { throw new ArgumentException("secret key for message not found."); } Stream clear = encryptedData.GetDataStream(privateKey); PgpObjectFactory clearObjectFactory = new PgpObjectFactory(clear); var message = clearObjectFactory.NextPgpObject(); if (message is PgpCompressedData) { PgpCompressedData cData = (PgpCompressedData)message; objectFactory = new PgpObjectFactory(cData.GetDataStream()); message = objectFactory.NextPgpObject(); } PgpOnePassSignature calculatedSignature = null; if (message is PgpOnePassSignatureList) { calculatedSignature = ((PgpOnePassSignatureList)message)[0]; calculatedSignature.InitVerify(publicKey); message = objectFactory.NextPgpObject(); } var baos = new MemoryStream(); if (message is PgpLiteralData) { PgpLiteralData ld = (PgpLiteralData)message; Stream unc = ld.GetInputStream(); int ch; while ((ch = unc.ReadByte()) >= 0) { if (calculatedSignature != null) { calculatedSignature.Update((byte)ch); } baos.WriteByte((byte)ch); } } else if (message is PgpOnePassSignatureList) { throw new PgpException("encrypted message contains a signed message - not literal data."); } else { throw new PgpException("message is not a simple encrypted file - type unknown."); } return(Encoding.UTF8.GetString(baos.ToArray())); } catch (Exception e) { Console.WriteLine(e); throw; } }
public override void PerformTest() { PgpPublicKey pubKey = null; // // Read the public key // PgpPublicKeyRing pgpPub = new PgpPublicKeyRing(testPubKey); pubKey = pgpPub.GetPublicKey(); // // Read the private key // PgpSecretKeyRing sKey = new PgpSecretKeyRing(testPrivKey); PgpSecretKey secretKey = sKey.GetSecretKey(); PgpPrivateKey pgpPrivKey = secretKey.ExtractPrivateKey(pass); // // test signature message // PgpObjectFactory pgpFact = new PgpObjectFactory(sig1); PgpCompressedData c1 = (PgpCompressedData)pgpFact.NextPgpObject(); pgpFact = new PgpObjectFactory(c1.GetDataStream()); PgpOnePassSignatureList p1 = (PgpOnePassSignatureList)pgpFact.NextPgpObject(); PgpOnePassSignature ops = p1[0]; PgpLiteralData p2 = (PgpLiteralData)pgpFact.NextPgpObject(); Stream dIn = p2.GetInputStream(); ops.InitVerify(pubKey); int ch; while ((ch = dIn.ReadByte()) >= 0) { ops.Update((byte)ch); } PgpSignatureList p3 = (PgpSignatureList)pgpFact.NextPgpObject(); if (!ops.Verify(p3[0])) { Fail("Failed signature check"); } // // signature generation // GenerateTest(sKey, pubKey, pgpPrivKey); // // signature generation - canonical text // const string data = "hello world!"; byte[] dataBytes = Encoding.ASCII.GetBytes(data); MemoryStream bOut = new MemoryStream(); MemoryStream testIn = new MemoryStream(dataBytes, false); PgpSignatureGenerator sGen = new PgpSignatureGenerator( PublicKeyAlgorithmTag.Dsa, HashAlgorithmTag.Sha1); sGen.InitSign(PgpSignature.CanonicalTextDocument, pgpPrivKey); PgpCompressedDataGenerator cGen = new PgpCompressedDataGenerator( CompressionAlgorithmTag.Zip); BcpgOutputStream bcOut = new BcpgOutputStream(cGen.Open(new UncloseableStream(bOut))); sGen.GenerateOnePassVersion(false).Encode(bcOut); PgpLiteralDataGenerator lGen = new PgpLiteralDataGenerator(); DateTime testDateTime = new DateTime(1973, 7, 27); Stream lOut = lGen.Open( new UncloseableStream(bcOut), PgpLiteralData.Text, "_CONSOLE", dataBytes.Length, testDateTime); while ((ch = testIn.ReadByte()) >= 0) { lOut.WriteByte((byte)ch); sGen.Update((byte)ch); } lGen.Close(); sGen.Generate().Encode(bcOut); cGen.Close(); // // verify Generated signature - canconical text // pgpFact = new PgpObjectFactory(bOut.ToArray()); c1 = (PgpCompressedData)pgpFact.NextPgpObject(); pgpFact = new PgpObjectFactory(c1.GetDataStream()); p1 = (PgpOnePassSignatureList)pgpFact.NextPgpObject(); ops = p1[0]; p2 = (PgpLiteralData)pgpFact.NextPgpObject(); if (!p2.ModificationTime.Equals(testDateTime)) { Fail("Modification time not preserved"); } dIn = p2.GetInputStream(); ops.InitVerify(pubKey); while ((ch = dIn.ReadByte()) >= 0) { ops.Update((byte)ch); } p3 = (PgpSignatureList)pgpFact.NextPgpObject(); if (!ops.Verify(p3[0])) { Fail("Failed generated signature check"); } // // Read the public key with user attributes // pgpPub = new PgpPublicKeyRing(testPubWithUserAttr); pubKey = pgpPub.GetPublicKey(); int count = 0; foreach (PgpUserAttributeSubpacketVector attributes in pubKey.GetUserAttributes()) { int sigCount = 0; foreach (object sigs in pubKey.GetSignaturesForUserAttribute(attributes)) { if (sigs == null) { Fail("null signature found"); } sigCount++; } if (sigCount != 1) { Fail("Failed user attributes signature check"); } count++; } if (count != 1) { Fail("Failed user attributes check"); } byte[] pgpPubBytes = pgpPub.GetEncoded(); pgpPub = new PgpPublicKeyRing(pgpPubBytes); pubKey = pgpPub.GetPublicKey(); count = 0; foreach (object ua in pubKey.GetUserAttributes()) { if (ua == null) { Fail("null user attribute found"); } count++; } if (count != 1) { Fail("Failed user attributes reread"); } // // reading test extra data - key with edge condition for DSA key password. // char[] passPhrase = { '0', '1', '2', '3', '4', '5', '6', '7', '8', '9' }; sKey = new PgpSecretKeyRing(testPrivKey2); pgpPrivKey = sKey.GetSecretKey().ExtractPrivateKey(passPhrase); // // reading test - aes256 encrypted passphrase. // sKey = new PgpSecretKeyRing(aesSecretKey); pgpPrivKey = sKey.GetSecretKey().ExtractPrivateKey(pass); // // reading test - twofish encrypted passphrase. // sKey = new PgpSecretKeyRing(twofishSecretKey); pgpPrivKey = sKey.GetSecretKey().ExtractPrivateKey(pass); // // use of PgpKeyPair // DsaParametersGenerator pGen = new DsaParametersGenerator(); pGen.Init(512, 80, new SecureRandom()); // TODO Is the certainty okay? DsaParameters dsaParams = pGen.GenerateParameters(); DsaKeyGenerationParameters kgp = new DsaKeyGenerationParameters(new SecureRandom(), dsaParams); IAsymmetricCipherKeyPairGenerator kpg = GeneratorUtilities.GetKeyPairGenerator("DSA"); kpg.Init(kgp); AsymmetricCipherKeyPair kp = kpg.GenerateKeyPair(); PgpKeyPair pgpKp = new PgpKeyPair(PublicKeyAlgorithmTag.Dsa, kp.Public, kp.Private, DateTime.UtcNow); PgpPublicKey k1 = pgpKp.PublicKey; PgpPrivateKey k2 = pgpKp.PrivateKey; }
/** * Generated signature test * * @param sKey * @param pgpPrivKey * @return test result */ public void GenerateTest( PgpSecretKeyRing sKey, PgpPublicKey pgpPubKey, PgpPrivateKey pgpPrivKey) { string data = "hello world!"; MemoryStream bOut = new MemoryStream(); byte[] dataBytes = Encoding.ASCII.GetBytes(data); MemoryStream testIn = new MemoryStream(dataBytes, false); PgpSignatureGenerator sGen = new PgpSignatureGenerator(PublicKeyAlgorithmTag.Dsa, HashAlgorithmTag.Sha1); sGen.InitSign(PgpSignature.BinaryDocument, pgpPrivKey); PgpSignatureSubpacketGenerator spGen = new PgpSignatureSubpacketGenerator(); IEnumerator enumerator = sKey.GetSecretKey().PublicKey.GetUserIds().GetEnumerator(); enumerator.MoveNext(); string primaryUserId = (string)enumerator.Current; spGen.SetSignerUserId(true, primaryUserId); sGen.SetHashedSubpackets(spGen.Generate()); PgpCompressedDataGenerator cGen = new PgpCompressedDataGenerator( CompressionAlgorithmTag.Zip); BcpgOutputStream bcOut = new BcpgOutputStream(cGen.Open(new UncloseableStream(bOut))); sGen.GenerateOnePassVersion(false).Encode(bcOut); PgpLiteralDataGenerator lGen = new PgpLiteralDataGenerator(); DateTime testDateTime = new DateTime(1973, 7, 27); Stream lOut = lGen.Open( new UncloseableStream(bcOut), PgpLiteralData.Binary, "_CONSOLE", dataBytes.Length, testDateTime); int ch; while ((ch = testIn.ReadByte()) >= 0) { lOut.WriteByte((byte)ch); sGen.Update((byte)ch); } lGen.Close(); sGen.Generate().Encode(bcOut); cGen.Close(); PgpObjectFactory pgpFact = new PgpObjectFactory(bOut.ToArray()); PgpCompressedData c1 = (PgpCompressedData)pgpFact.NextPgpObject(); pgpFact = new PgpObjectFactory(c1.GetDataStream()); PgpOnePassSignatureList p1 = (PgpOnePassSignatureList)pgpFact.NextPgpObject(); PgpOnePassSignature ops = p1[0]; PgpLiteralData p2 = (PgpLiteralData)pgpFact.NextPgpObject(); if (!p2.ModificationTime.Equals(testDateTime)) { Fail("Modification time not preserved"); } Stream dIn = p2.GetInputStream(); ops.InitVerify(pgpPubKey); while ((ch = dIn.ReadByte()) >= 0) { ops.Update((byte)ch); } PgpSignatureList p3 = (PgpSignatureList)pgpFact.NextPgpObject(); if (!ops.Verify(p3[0])) { Fail("Failed generated signature check"); } }
internal OpenPgpDigitalSignature(PgpPublicKey pubkey, PgpOnePassSignature signature) { SignerCertificate = pubkey != null ? new OpenPgpDigitalCertificate(pubkey) : null; OnePassSignature = signature; }
public override void PerformTest() { // // Read the public key // PgpObjectFactory pgpFact = new PgpObjectFactory(testPubKeyRing); PgpPublicKeyRing pgpPub = (PgpPublicKeyRing)pgpFact.NextPgpObject(); var pubKey = pgpPub.GetPublicKey(); if (pubKey.BitStrength != 1024) { Fail("failed - key strength reported incorrectly."); } // // Read the private key // PgpSecretKeyRing sKey = new PgpSecretKeyRing(testPrivKeyRing); IPgpSecretKey secretKey = sKey.GetSecretKey(); IPgpPrivateKey pgpPrivKey = secretKey.ExtractPrivateKey(pass); // // signature generation // const string data = "hello world!"; byte[] dataBytes = Encoding.ASCII.GetBytes(data); MemoryStream bOut = new MemoryStream(); MemoryStream testIn = new MemoryStream(dataBytes, false); PgpSignatureGenerator sGen = new PgpSignatureGenerator(PublicKeyAlgorithmTag.Dsa, HashAlgorithmTag.Sha1); sGen.InitSign(PgpSignature.BinaryDocument, pgpPrivKey); PgpCompressedDataGenerator cGen = new PgpCompressedDataGenerator( CompressionAlgorithmTag.Zip); BcpgOutputStream bcOut = new BcpgOutputStream( cGen.Open(new UncloseableStream(bOut))); sGen.GenerateOnePassVersion(false).Encode(bcOut); PgpLiteralDataGenerator lGen = new PgpLiteralDataGenerator(); DateTime testDateTime = new DateTime(1973, 7, 27); Stream lOut = lGen.Open( new UncloseableStream(bcOut), PgpLiteralData.Binary, "_CONSOLE", dataBytes.Length, testDateTime); int ch; while ((ch = testIn.ReadByte()) >= 0) { lOut.WriteByte((byte)ch); sGen.Update((byte)ch); } lGen.Close(); sGen.Generate().Encode(bcOut); cGen.Close(); // // verify Generated signature // pgpFact = new PgpObjectFactory(bOut.ToArray()); PgpCompressedData c1 = (PgpCompressedData)pgpFact.NextPgpObject(); pgpFact = new PgpObjectFactory(c1.GetDataStream()); PgpOnePassSignatureList p1 = (PgpOnePassSignatureList)pgpFact.NextPgpObject(); PgpOnePassSignature ops = p1[0]; PgpLiteralData p2 = (PgpLiteralData)pgpFact.NextPgpObject(); if (!p2.ModificationTime.Equals(testDateTime)) { Fail("Modification time not preserved"); } Stream dIn = p2.GetInputStream(); ops.InitVerify(pubKey); while ((ch = dIn.ReadByte()) >= 0) { ops.Update((byte)ch); } PgpSignatureList p3 = (PgpSignatureList)pgpFact.NextPgpObject(); if (!ops.Verify(p3[0])) { Fail("Failed Generated signature check"); } // // test encryption // // // find a key sutiable for encryption // long pgpKeyID = 0; IAsymmetricKeyParameter pKey = null; foreach (PgpPublicKey pgpKey in pgpPub.GetPublicKeys()) { if (pgpKey.Algorithm == PublicKeyAlgorithmTag.ElGamalEncrypt || pgpKey.Algorithm == PublicKeyAlgorithmTag.ElGamalGeneral) { pKey = pgpKey.GetKey(); pgpKeyID = pgpKey.KeyId; if (pgpKey.BitStrength != 1024) { Fail("failed - key strength reported incorrectly."); } // // verify the key // } } IBufferedCipher c = CipherUtilities.GetCipher("ElGamal/None/PKCS1Padding"); c.Init(true, pKey); byte[] inBytes = Encoding.ASCII.GetBytes("hello world"); byte[] outBytes = c.DoFinal(inBytes); pgpPrivKey = sKey.GetSecretKey(pgpKeyID).ExtractPrivateKey(pass); c.Init(false, pgpPrivKey.Key); outBytes = c.DoFinal(outBytes); if (!Arrays.AreEqual(inBytes, outBytes)) { Fail("decryption failed."); } // // encrypted message // byte[] text = { (byte)'h', (byte)'e', (byte)'l', (byte)'l', (byte)'o', (byte)' ', (byte)'w', (byte)'o', (byte)'r', (byte)'l',(byte)'d', (byte)'!', (byte)'\n' }; PgpObjectFactory pgpF = new PgpObjectFactory(encMessage); PgpEncryptedDataList encList = (PgpEncryptedDataList)pgpF.NextPgpObject(); PgpPublicKeyEncryptedData encP = (PgpPublicKeyEncryptedData)encList[0]; Stream clear = encP.GetDataStream(pgpPrivKey); pgpFact = new PgpObjectFactory(clear); c1 = (PgpCompressedData)pgpFact.NextPgpObject(); pgpFact = new PgpObjectFactory(c1.GetDataStream()); PgpLiteralData ld = (PgpLiteralData)pgpFact.NextPgpObject(); if (!ld.FileName.Equals("test.txt")) { throw new Exception("wrong filename in packet"); } Stream inLd = ld.GetDataStream(); byte[] bytes = Streams.ReadAll(inLd); if (!Arrays.AreEqual(bytes, text)) { Fail("wrong plain text in decrypted packet"); } // // signed and encrypted message // pgpF = new PgpObjectFactory(signedAndEncMessage); encList = (PgpEncryptedDataList)pgpF.NextPgpObject(); encP = (PgpPublicKeyEncryptedData)encList[0]; clear = encP.GetDataStream(pgpPrivKey); pgpFact = new PgpObjectFactory(clear); c1 = (PgpCompressedData)pgpFact.NextPgpObject(); pgpFact = new PgpObjectFactory(c1.GetDataStream()); p1 = (PgpOnePassSignatureList)pgpFact.NextPgpObject(); ops = p1[0]; ld = (PgpLiteralData)pgpFact.NextPgpObject(); bOut = new MemoryStream(); if (!ld.FileName.Equals("test.txt")) { throw new Exception("wrong filename in packet"); } inLd = ld.GetDataStream(); // // note: we use the DSA public key here. // ops.InitVerify(pgpPub.GetPublicKey()); while ((ch = inLd.ReadByte()) >= 0) { ops.Update((byte)ch); bOut.WriteByte((byte)ch); } p3 = (PgpSignatureList)pgpFact.NextPgpObject(); if (!ops.Verify(p3[0])) { Fail("Failed signature check"); } if (!Arrays.AreEqual(bOut.ToArray(), text)) { Fail("wrong plain text in decrypted packet"); } // // encrypt // MemoryStream cbOut = new MemoryStream(); PgpEncryptedDataGenerator cPk = new PgpEncryptedDataGenerator( SymmetricKeyAlgorithmTag.TripleDes, random); IPgpPublicKey puK = sKey.GetSecretKey(pgpKeyID).PublicKey; cPk.AddMethod(puK); Stream cOut = cPk.Open(new UncloseableStream(cbOut), bOut.ToArray().Length); cOut.Write(text, 0, text.Length); cOut.Close(); pgpF = new PgpObjectFactory(cbOut.ToArray()); encList = (PgpEncryptedDataList)pgpF.NextPgpObject(); encP = (PgpPublicKeyEncryptedData)encList[0]; pgpPrivKey = sKey.GetSecretKey(pgpKeyID).ExtractPrivateKey(pass); clear = encP.GetDataStream(pgpPrivKey); outBytes = Streams.ReadAll(clear); if (!Arrays.AreEqual(outBytes, text)) { Fail("wrong plain text in Generated packet"); } // // use of PgpKeyPair // IBigInteger g = new BigInteger("153d5d6172adb43045b68ae8e1de1070b6137005686d29d3d73a7749199681ee5b212c9b96bfdcfa5b20cd5e3fd2044895d609cf9b410b7a0f12ca1cb9a428cc", 16); IBigInteger p = new BigInteger("9494fec095f3b85ee286542b3836fc81a5dd0a0349b4c239dd38744d488cf8e31db8bcb7d33b41abb9e5a33cca9144b1cef332c94bf0573bf047a3aca98cdf3b", 16); ElGamalParameters elParams = new ElGamalParameters(p, g); IAsymmetricCipherKeyPairGenerator kpg = GeneratorUtilities.GetKeyPairGenerator("ELGAMAL"); kpg.Init(new ElGamalKeyGenerationParameters(random, elParams)); IAsymmetricCipherKeyPair kp = kpg.GenerateKeyPair(); PgpKeyPair pgpKp = new PgpKeyPair(PublicKeyAlgorithmTag.ElGamalGeneral, kp.Public, kp.Private, DateTime.UtcNow); PgpPublicKey k1 = pgpKp.PublicKey; PgpPrivateKey k2 = pgpKp.PrivateKey; // Test bug with ElGamal P size != 0 mod 8 (don't use these sizes at home!) for (int pSize = 257; pSize < 264; ++pSize) { // Generate some parameters of the given size ElGamalParametersGenerator epg = new ElGamalParametersGenerator(); epg.Init(pSize, 2, random); elParams = epg.GenerateParameters(); kpg = GeneratorUtilities.GetKeyPairGenerator("ELGAMAL"); kpg.Init(new ElGamalKeyGenerationParameters(random, elParams)); // Run a short encrypt/decrypt test with random key for the given parameters kp = kpg.GenerateKeyPair(); PgpKeyPair elGamalKeyPair = new PgpKeyPair( PublicKeyAlgorithmTag.ElGamalGeneral, kp, DateTime.UtcNow); cPk = new PgpEncryptedDataGenerator(SymmetricKeyAlgorithmTag.Cast5, random); puK = elGamalKeyPair.PublicKey; cPk.AddMethod(puK); cbOut = new MemoryStream(); cOut = cPk.Open(new UncloseableStream(cbOut), text.Length); cOut.Write(text, 0, text.Length); cOut.Close(); pgpF = new PgpObjectFactory(cbOut.ToArray()); encList = (PgpEncryptedDataList)pgpF.NextPgpObject(); encP = (PgpPublicKeyEncryptedData)encList[0]; pgpPrivKey = elGamalKeyPair.PrivateKey; // Note: This is where an exception would be expected if the P size causes problems clear = encP.GetDataStream(pgpPrivKey); byte[] decText = Streams.ReadAll(clear); if (!Arrays.AreEqual(text, decText)) { Fail("decrypted message incorrect"); } } // check sub key encoding foreach (PgpPublicKey pgpKey in pgpPub.GetPublicKeys()) { if (!pgpKey.IsMasterKey) { byte[] kEnc = pgpKey.GetEncoded(); PgpObjectFactory objF = new PgpObjectFactory(kEnc); // TODO Make PgpPublicKey a PgpObject or return a PgpPublicKeyRing // PgpPublicKey k = (PgpPublicKey)objF.NextPgpObject(); // // pKey = k.GetKey(); // pgpKeyID = k.KeyId; // if (k.BitStrength != 1024) // { // Fail("failed - key strength reported incorrectly."); // } // // if (objF.NextPgpObject() != null) // { // Fail("failed - stream not fully parsed."); // } } } }
private void InitSignatureVerification(PgpOnePassSignature sig) => sig.InitVerify(GetPublicKey(sig.KeyId));
private void doSigGenerateTest( string privateKeyFile, string publicKeyFile, HashAlgorithmTag digest) { PgpSecretKeyRing secRing = loadSecretKey(privateKeyFile); PgpPublicKeyRing pubRing = loadPublicKey(publicKeyFile); string data = "hello world!"; byte[] dataBytes = Encoding.ASCII.GetBytes(data); MemoryStream bOut = new MemoryStream(); MemoryStream testIn = new MemoryStream(dataBytes, false); PgpSignatureGenerator sGen = new PgpSignatureGenerator(PublicKeyAlgorithmTag.Dsa, digest); sGen.InitSign(PgpSignature.BinaryDocument, secRing.GetSecretKey().ExtractPrivateKey("test".ToCharArray())); BcpgOutputStream bcOut = new BcpgOutputStream(bOut); sGen.GenerateOnePassVersion(false).Encode(bcOut); PgpLiteralDataGenerator lGen = new PgpLiteralDataGenerator(); // Date testDate = new Date((System.currentTimeMillis() / 1000) * 1000); DateTime testDate = new DateTime( (DateTime.UtcNow.Ticks / TimeSpan.TicksPerSecond) * TimeSpan.TicksPerSecond); Stream lOut = lGen.Open( new UncloseableStream(bcOut), PgpLiteralData.Binary, "_CONSOLE", dataBytes.Length, testDate); int ch; while ((ch = testIn.ReadByte()) >= 0) { lOut.WriteByte((byte)ch); sGen.Update((byte)ch); } lGen.Close(); sGen.Generate().Encode(bcOut); PgpObjectFactory pgpFact = new PgpObjectFactory(bOut.ToArray()); PgpOnePassSignatureList p1 = (PgpOnePassSignatureList)pgpFact.NextPgpObject(); PgpOnePassSignature ops = p1[0]; Assert.AreEqual(digest, ops.HashAlgorithm); Assert.AreEqual(PublicKeyAlgorithmTag.Dsa, ops.KeyAlgorithm); PgpLiteralData p2 = (PgpLiteralData)pgpFact.NextPgpObject(); if (!p2.ModificationTime.Equals(testDate)) { Assert.Fail("Modification time not preserved"); } Stream dIn = p2.GetInputStream(); ops.InitVerify(pubRing.GetPublicKey()); while ((ch = dIn.ReadByte()) >= 0) { ops.Update((byte)ch); } PgpSignatureList p3 = (PgpSignatureList)pgpFact.NextPgpObject(); PgpSignature sig = p3[0]; Assert.AreEqual(digest, sig.HashAlgorithm); Assert.AreEqual(PublicKeyAlgorithmTag.Dsa, sig.KeyAlgorithm); Assert.IsTrue(ops.Verify(sig)); }
/// <summary> /// Verifies a PGP signature. See documentation at https://github.com/CommunityHiQ/Frends.Community.PgpVerifySignature Returns: Object {string FilePath, Boolean Verified} /// </summary> public static Result PGPVerifySignFile(Input input) { using (var inputStream = PgpUtilities.GetDecoderStream(File.OpenRead(input.InputFile))) using (var keyStream = PgpUtilities.GetDecoderStream(File.OpenRead(input.PublicKeyFile))) { PgpObjectFactory pgpFact = new PgpObjectFactory(inputStream); PgpOnePassSignatureList signatureList = (PgpOnePassSignatureList)pgpFact.NextPgpObject(); PgpOnePassSignature onePassSignature = signatureList[0]; PgpLiteralData p2 = (PgpLiteralData)pgpFact.NextPgpObject(); Stream dataIn = p2.GetInputStream(); PgpPublicKeyRingBundle pgpRing = new PgpPublicKeyRingBundle(keyStream); PgpPublicKey key = pgpRing.GetPublicKey(onePassSignature.KeyId); string outputPath; if (String.IsNullOrWhiteSpace(input.OutputFolder)) { outputPath = Path.Combine(Path.GetDirectoryName(input.InputFile), p2.FileName); } else { outputPath = Path.Combine(input.OutputFolder, p2.FileName); } using (var outputStream = File.Create(outputPath)) { onePassSignature.InitVerify(key); int ch; while ((ch = dataIn.ReadByte()) >= 0) { onePassSignature.Update((byte)ch); outputStream.WriteByte((byte)ch); } outputStream.Close(); } bool verified; // Will throw Exception if file is altered try { PgpSignatureList p3 = (PgpSignatureList)pgpFact.NextPgpObject(); PgpSignature firstSig = p3[0]; verified = onePassSignature.Verify(firstSig); } catch (Exception) { Result retError = new Result { FilePath = input.OutputFolder, Verified = false }; return(retError); } Result ret = new Result { FilePath = outputPath, Verified = verified }; return(ret); } }
/* * decrypt a given stream. */ public static void Decrypt(Stream inputStream, Stream privateKeyStream, string passPhrase, string outputFile, Stream publicKeyStream) { try { bool deleteOutputFile = false; PgpEncryptedDataList enc; PgpObject o = null; PgpPrivateKey sKey = null; PgpPublicKeyEncryptedData pbe = null; var pgpF = new PgpObjectFactory(PgpUtilities.GetDecoderStream(inputStream)); // find secret key var pgpSec = new PgpSecretKeyRingBundle(PgpUtilities.GetDecoderStream(privateKeyStream)); if (pgpF != null) { o = pgpF.NextPgpObject(); } // the first object might be a PGP marker packet. if (o is PgpEncryptedDataList) { enc = (PgpEncryptedDataList)o; } else { enc = (PgpEncryptedDataList)pgpF.NextPgpObject(); } // decrypt foreach (PgpPublicKeyEncryptedData pked in enc.GetEncryptedDataObjects()) { sKey = FindSecretKey(pgpSec, pked.KeyId, passPhrase.ToCharArray()); if (sKey != null) { pbe = pked; break; } } if (sKey == null) { throw new ArgumentException("Secret key for message not found."); } PgpObjectFactory plainFact = null; using (Stream clear = pbe.GetDataStream(sKey)) { plainFact = new PgpObjectFactory(clear); } PgpObject message = plainFact.NextPgpObject(); if (message is PgpCompressedData) { PgpCompressedData cData = (PgpCompressedData)message; PgpObjectFactory of = null; using (Stream compDataIn = cData.GetDataStream()) { of = new PgpObjectFactory(compDataIn); } message = of.NextPgpObject(); if (message is PgpOnePassSignatureList) { PgpOnePassSignature ops = ((PgpOnePassSignatureList)message)[0]; PgpPublicKeyRingBundle pgpRing = new PgpPublicKeyRingBundle(PgpUtilities.GetDecoderStream(publicKeyStream)); //USE THE BELOW TO CHECK FOR A FAILING SIGNATURE VERIFICATION. //THE CERTIFICATE MATCHING THE KEY ID MUST BE IN THE PUBLIC KEY RING. //long fakeKeyId = 3008998260528343108L; //PgpPublicKey key = pgpRing.GetPublicKey(fakeKeyId); PgpPublicKey key = pgpRing.GetPublicKey(ops.KeyId); ops.InitVerify(key); message = of.NextPgpObject(); PgpLiteralData Ld = null; Ld = (PgpLiteralData)message; //THE OUTPUT FILENAME WILL BE BASED ON THE INPUT PARAMETER VALUE TO THIS METHOD. IF YOU WANT TO KEEP THE //ORIGINAL FILENAME, UNCOMMENT THE FOLLOWING LINE. //if (!String.IsNullOrEmpty(Ld.FileName)) // outputFile = Ld.FileName; using (Stream output = File.Create(outputFile)) { Stream dIn = Ld.GetInputStream(); int ch; while ((ch = dIn.ReadByte()) >= 0) { ops.Update((byte)ch); output.WriteByte((byte)ch); } output.Close(); } PgpSignatureList p3 = (PgpSignatureList)of.NextPgpObject(); PgpSignature firstSig = p3[0]; if (ops.Verify(firstSig)) { Console.Out.WriteLine("signature verified."); } else { Console.Out.WriteLine("signature verification failed."); //YOU MAY OPT TO DELETE THE OUTPUT FILE IN THE EVENT THAT VERIFICATION FAILS. //FILE DELETION HAPPENS FURTHER DOWN IN THIS METHOD //AN ALTERNATIVE IS TO LOG THESE VERIFICATION FAILURE MESSAGES, BUT KEEP THE OUTPUT FILE FOR FURTHER ANALYSIS //deleteOutputFile = true; } } else { PgpLiteralData Ld = null; Ld = (PgpLiteralData)message; using (Stream output = File.Create(outputFile)) { Stream unc = Ld.GetInputStream(); Streams.PipeAll(unc, output); } } } else if (message is PgpLiteralData) { PgpLiteralData ld = (PgpLiteralData)message; string outFileName = ld.FileName; using (Stream fOut = File.Create(outFileName)) { Stream unc = ld.GetInputStream(); Streams.PipeAll(unc, fOut); } } else if (message is PgpOnePassSignatureList) { throw new PgpException("Encrypted message contains a signed message - not literal data."); } else { throw new PgpException("Message is not a simple encrypted file - type unknown."); } #region commented code if (pbe.IsIntegrityProtected()) { if (!pbe.Verify()) { //msg = "message failed integrity check."; Console.Error.WriteLine("message failed integrity check"); //YOU MAY OPT TO DELETE THE OUTPUT FILE IN THE EVENT THAT THE INTEGRITY PROTECTION CHECK FAILS. //FILE DELETION HAPPENS FURTHER DOWN IN THIS METHOD. //AN ALTERNATIVE IS TO LOG THESE VERIFICATION FAILURE MESSAGES, BUT KEEP THE OUTPUT FILE FOR FURTHER ANALYSIS //deleteOutputFile = true; } else { //msg = "message integrity check passed."; Console.Error.WriteLine("message integrity check passed"); } } else { //msg = "no message integrity check."; Console.Error.WriteLine("no message integrity check"); } if (deleteOutputFile) { File.Delete(outputFile); } #endregion commented code } catch (PgpException ex) { throw; } }
private static Stream DecryptFileAsStream( Stream inputStream, Stream keyIn, char[] passwd) { inputStream = PgpUtilities.GetDecoderStream(inputStream); MemoryStream outputStream = new MemoryStream(); try { PgpObjectFactory pgpF = new PgpObjectFactory(inputStream); PgpEncryptedDataList enc; PgpObject o = pgpF.NextPgpObject(); // the first object might be a PGP marker packet. if (o is PgpEncryptedDataList) { enc = (PgpEncryptedDataList)o; } else { enc = (PgpEncryptedDataList)pgpF.NextPgpObject(); } // find the secret key PgpPrivateKey sKey = null; PgpPublicKeyEncryptedData pbe = null; foreach (PgpPublicKeyEncryptedData pked in enc.GetEncryptedDataObjects()) { sKey = FindSecretKey(keyIn, pked.KeyId, passwd); if (sKey != null) { pbe = pked; break; } } // Iterator it = enc.GetEncryptedDataObjects(); // // while (sKey == null && it.hasNext()) // { // pbe = (PgpPublicKeyEncryptedData)it.next(); // // sKey = FindSecretKey(keyIn, pbe.KeyID, passwd); // } if (sKey == null) { throw new ArgumentException("secret key for message not found."); } Stream clear = pbe.GetDataStream(sKey); PgpObjectFactory plainFact = new PgpObjectFactory(clear); PgpObject message = plainFact.NextPgpObject(); if (message is PgpCompressedData) { PgpCompressedData cData = (PgpCompressedData)message; PgpObjectFactory pgpFact = new PgpObjectFactory(cData.GetDataStream()); message = pgpFact.NextPgpObject(); if (message is PgpOnePassSignatureList) { //throw new PgpException("encrypted message contains a signed message - not literal data."); // file is signed! // verify signature here if you want. PgpOnePassSignatureList p1 = (PgpOnePassSignatureList)message; PgpOnePassSignature ops = p1[0]; // etc… message = pgpFact.NextPgpObject(); } } if (message is PgpLiteralData) { PgpLiteralData ld = (PgpLiteralData)message; Stream unc = ld.GetInputStream(); int ch; while ((ch = unc.ReadByte()) >= 0) { outputStream.WriteByte((byte)ch); } outputStream.Seek(0, SeekOrigin.Begin); } else { throw new PgpException("message is not a simple encrypted file - type unknown."); } if (pbe.IsIntegrityProtected()) { if (!pbe.Verify()) { Console.Error.WriteLine("message failed integrity check"); } else { Console.Error.WriteLine("message integrity check passed"); } } else { Console.Error.WriteLine("no message integrity check"); } return(outputStream); } catch (PgpException e) { Console.Error.WriteLine(e); Exception underlyingException = e.InnerException; if (underlyingException != null) { Console.Error.WriteLine(underlyingException.Message); Console.Error.WriteLine(underlyingException.StackTrace); } throw; } }
public PgpObject NextPgpObject() { PacketTag packetTag = bcpgIn.NextPacketTag(); if (packetTag == (PacketTag)(-1)) { return(null); } switch (packetTag) { case PacketTag.Signature: { IList list2 = Platform.CreateArrayList(); while (bcpgIn.NextPacketTag() == PacketTag.Signature) { try { list2.Add(new PgpSignature(bcpgIn)); } catch (PgpException arg3) { throw new IOException("can't create signature object: " + arg3); } } PgpSignature[] array2 = new PgpSignature[list2.Count]; for (int j = 0; j < list2.Count; j++) { array2[j] = (PgpSignature)list2[j]; } return(new PgpSignatureList(array2)); } case PacketTag.SecretKey: try { return(new PgpSecretKeyRing(bcpgIn)); } catch (PgpException arg2) { throw new IOException("can't create secret key object: " + arg2); } case PacketTag.PublicKey: return(new PgpPublicKeyRing(bcpgIn)); case PacketTag.CompressedData: return(new PgpCompressedData(bcpgIn)); case PacketTag.LiteralData: return(new PgpLiteralData(bcpgIn)); case PacketTag.PublicKeyEncryptedSession: case PacketTag.SymmetricKeyEncryptedSessionKey: return(new PgpEncryptedDataList(bcpgIn)); case PacketTag.OnePassSignature: { IList list = Platform.CreateArrayList(); while (bcpgIn.NextPacketTag() == PacketTag.OnePassSignature) { try { list.Add(new PgpOnePassSignature(bcpgIn)); } catch (PgpException arg) { throw new IOException("can't create one pass signature object: " + arg); } } PgpOnePassSignature[] array = new PgpOnePassSignature[list.Count]; for (int i = 0; i < list.Count; i++) { array[i] = (PgpOnePassSignature)list[i]; } return(new PgpOnePassSignatureList(array)); } case PacketTag.Marker: return(new PgpMarker(bcpgIn)); case PacketTag.Experimental1: case PacketTag.Experimental2: case PacketTag.Experimental3: case PacketTag.Experimental4: return(new PgpExperimental(bcpgIn)); default: throw new IOException("unknown object in stream " + bcpgIn.NextPacketTag()); } }